Check: DSN04.02
Defense Switched Network (DSN) STIG:
DSN04.02
(in versions v2 r8 through v2 r7)
Title
Network Management routers located at switch sites are not configured to provide IP and packet level filtering/protection. (Cat II impact)
Discussion
Requirement: The IAO will ensure that routers that provide remote connectivity to out-of-band management networks located at switch sites provide IP and packet level filtering/protection. All routers connected to a DSN Switch are to be configured to control network access to the DSN switch by IP and port/service. Implementing standard and extended access lists to control network access to the switch will add another security access layer, minimizing risk to the DSN.
Check Content
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc., as applicable.
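When the review reaches the router configuration files, the requirement to filter by IP and port/service can be checked mechanically. The following is an added example, not part of the STIG: it assumes Cisco IOS-style syntax (the check names no vendor), and the sample configuration, interface names, ACL names and addresses are constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the check names no
# vendor). Addresses are from the RFC 5737 documentation ranges.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group MGMT-IN in
interface GigabitEthernet0/1
interface GigabitEthernet0/2
 ip access-group OPEN-IN in
ip access-list extended MGMT-IN
 permit tcp host 192.0.2.10 host 198.51.100.5 eq 22
 deny ip any any log
ip access-list extended OPEN-IN
 permit ip any any
"""
PORT_OPS = {"eq", "range"}  # keywords that pin an entry to a port/service

def audit(config):
    """Return sorted findings: unfiltered interfaces and over-broad permit entries."""
    iface_acl, acls, section = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            section = ("if", m.group(1))
            iface_acl[m.group(1)] = None
        elif m := re.match(r"ip access-list extended (\S+)", line):
            section = ("acl", m.group(1))
            acls[m.group(1)] = []
        elif line.startswith(" ") and section:
            kind, name = section
            body = line.strip()
            if kind == "if" and (m := re.match(r"ip access-group (\S+) in$", body)):
                iface_acl[name] = m.group(1)
            elif kind == "acl" and body.startswith("permit "):
                acls[name].append(body)
        else:
            section = None  # blank line, comment or unrelated top-level command
    findings = []
    for iface, acl in iface_acl.items():
        if acl is None:
            findings.append(f"{iface}: no inbound access list applied")
        elif acl not in acls:
            findings.append(f"{iface}: {acl} is not a defined extended access list")
    for name, permits in acls.items():
        for rule in permits:
            words = rule.split()
            if "any" in words[2:] or not PORT_OPS & set(words):
                findings.append(f"{name}: '{rule}' is not limited by IP and port")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports the interface with no inbound list and the `permit ip any any` entry; an empty result means every interface has an inbound extended list whose permits name both an address and a port.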
Fix Text
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.
Additional Identifiers
Rule ID: SV-8417r1_rule
Vulnerability ID: V-7931
Group Title: No IP or packet filtering on NMS routers
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |